]>
Commit | Line | Data |
---|---|---|
1 | import * as express from 'express' | |
2 | import { UserRight, VideoAbuseCreate, VideoAbuseState } from '../../../../shared' | |
3 | import { logger } from '../../../helpers/logger' | |
4 | import { getFormattedObjects } from '../../../helpers/utils' | |
5 | import { sequelizeTypescript } from '../../../initializers' | |
6 | import { | |
7 | asyncMiddleware, | |
8 | asyncRetryTransactionMiddleware, | |
9 | authenticate, | |
10 | ensureUserHasRight, | |
11 | paginationValidator, | |
12 | setDefaultPagination, | |
13 | setDefaultSort, | |
14 | videoAbuseGetValidator, | |
15 | videoAbuseReportValidator, | |
16 | videoAbusesSortValidator, | |
17 | videoAbuseUpdateValidator | |
18 | } from '../../../middlewares' | |
19 | import { AccountModel } from '../../../models/account/account' | |
20 | import { VideoAbuseModel } from '../../../models/video/video-abuse' | |
21 | import { auditLoggerFactory, VideoAbuseAuditView } from '../../../helpers/audit-logger' | |
22 | import { Notifier } from '../../../lib/notifier' | |
23 | import { sendVideoAbuse } from '../../../lib/activitypub/send/send-flag' | |
24 | ||
25 | const auditLogger = auditLoggerFactory('abuse') | |
26 | const abuseVideoRouter = express.Router() | |
27 | ||
28 | abuseVideoRouter.get('/abuse', | |
29 | authenticate, | |
30 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
31 | paginationValidator, | |
32 | videoAbusesSortValidator, | |
33 | setDefaultSort, | |
34 | setDefaultPagination, | |
35 | asyncMiddleware(listVideoAbuses) | |
36 | ) | |
37 | abuseVideoRouter.put('/:videoId/abuse/:id', | |
38 | authenticate, | |
39 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
40 | asyncMiddleware(videoAbuseUpdateValidator), | |
41 | asyncRetryTransactionMiddleware(updateVideoAbuse) | |
42 | ) | |
43 | abuseVideoRouter.post('/:videoId/abuse', | |
44 | authenticate, | |
45 | asyncMiddleware(videoAbuseReportValidator), | |
46 | asyncRetryTransactionMiddleware(reportVideoAbuse) | |
47 | ) | |
48 | abuseVideoRouter.delete('/:videoId/abuse/:id', | |
49 | authenticate, | |
50 | ensureUserHasRight(UserRight.MANAGE_VIDEO_ABUSES), | |
51 | asyncMiddleware(videoAbuseGetValidator), | |
52 | asyncRetryTransactionMiddleware(deleteVideoAbuse) | |
53 | ) | |
54 | ||
55 | // --------------------------------------------------------------------------- | |
56 | ||
57 | export { | |
58 | abuseVideoRouter | |
59 | } | |
60 | ||
61 | // --------------------------------------------------------------------------- | |
62 | ||
63 | async function listVideoAbuses (req: express.Request, res: express.Response) { | |
64 | const resultList = await VideoAbuseModel.listForApi(req.query.start, req.query.count, req.query.sort) | |
65 | ||
66 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | |
67 | } | |
68 | ||
69 | async function updateVideoAbuse (req: express.Request, res: express.Response) { | |
70 | const videoAbuse = res.locals.videoAbuse | |
71 | ||
72 | if (req.body.moderationComment !== undefined) videoAbuse.moderationComment = req.body.moderationComment | |
73 | if (req.body.state !== undefined) videoAbuse.state = req.body.state | |
74 | ||
75 | await sequelizeTypescript.transaction(t => { | |
76 | return videoAbuse.save({ transaction: t }) | |
77 | }) | |
78 | ||
79 | // Do not send the delete to other instances, we updated OUR copy of this video abuse | |
80 | ||
81 | return res.type('json').status(204).end() | |
82 | } | |
83 | ||
84 | async function deleteVideoAbuse (req: express.Request, res: express.Response) { | |
85 | const videoAbuse = res.locals.videoAbuse | |
86 | ||
87 | await sequelizeTypescript.transaction(t => { | |
88 | return videoAbuse.destroy({ transaction: t }) | |
89 | }) | |
90 | ||
91 | // Do not send the delete to other instances, we delete OUR copy of this video abuse | |
92 | ||
93 | return res.type('json').status(204).end() | |
94 | } | |
95 | ||
96 | async function reportVideoAbuse (req: express.Request, res: express.Response) { | |
97 | const videoInstance = res.locals.video | |
98 | const body: VideoAbuseCreate = req.body | |
99 | ||
100 | const videoAbuse: VideoAbuseModel = await sequelizeTypescript.transaction(async t => { | |
101 | const reporterAccount = await AccountModel.load(res.locals.oauth.token.User.Account.id, t) | |
102 | ||
103 | const abuseToCreate = { | |
104 | reporterAccountId: reporterAccount.id, | |
105 | reason: body.reason, | |
106 | videoId: videoInstance.id, | |
107 | state: VideoAbuseState.PENDING | |
108 | } | |
109 | ||
110 | const videoAbuseInstance = await VideoAbuseModel.create(abuseToCreate, { transaction: t }) | |
111 | videoAbuseInstance.Video = videoInstance | |
112 | videoAbuseInstance.Account = reporterAccount | |
113 | ||
114 | // We send the video abuse to the origin server | |
115 | if (videoInstance.isOwned() === false) { | |
116 | await sendVideoAbuse(reporterAccount.Actor, videoAbuseInstance, videoInstance, t) | |
117 | } | |
118 | ||
119 | auditLogger.create(reporterAccount.Actor.getIdentifier(), new VideoAbuseAuditView(videoAbuseInstance.toFormattedJSON())) | |
120 | ||
121 | return videoAbuseInstance | |
122 | }) | |
123 | ||
124 | Notifier.Instance.notifyOnNewVideoAbuse(videoAbuse) | |
125 | ||
126 | logger.info('Abuse report for video %s created.', videoInstance.name) | |
127 | ||
128 | return res.json({ videoAbuse: videoAbuse.toFormattedJSON() }).end() | |
129 | } |